package com.huang.springbootjspshiro.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
@RequestMapping("order")
public class OrderController {

    @RequestMapping("save")
 //   @RequiresRoles("user")
    @RequiresPermissions("user:add:*")
    public String save(){
        Subject subject = SecurityUtils.getSubject();
        //通过代码方式
//        if(subject.hasRole("user")){
//            System.out.println("可以保存订单");
//        }else {
//            System.out.println("没有权限");
//        }
        return "redirect:/index.jsp";
    }
}
